<?PHP
// vim: set expandtab tabstop=4 shiftwidth=4:
// +----------------------------------------------------------------------+
// | SAPID: XML Sapiens Engine Demonstrator                               |
// +----------------------------------------------------------------------+
// | Author:  Max Baryshnikov aka Mephius <mb@redgraphic.com>,	          |
// | Dmitry Sheiko <sheiko@cmsdevelopment.com>	                		  |
// | Copyright (c) 2004-2005 Max Baryshnikov                              |
// | http://sapid.sourceforge.net	                                      |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+
// Release: 24.02.05 (dd/mm/yy)
// $Id: postmethod_analysis.inc.php,v 1.12 2006/02/20 08:30:10 sheiko Exp $

if (!defined("SAPID_STARTED")) die("Hacking attempt!");

if(isset($_SESSION["Md5OfGenCode"]) AND $_SESSION["Md5OfGenCode"] AND isset($_POST) AND $_POST) {
	if($_SESSION["Md5OfGenCode"]!=md5($_POST["gencode"])) { $GLOBALS["env"]["gencode_fault"]=1; unset($_POST); }
	unset($_SESSION["Md5OfGenCode"]);
} elseif(isset($_POST["gencode"]) AND $_POST["gencode"]) {
	$GLOBALS["env"]["gencode_fault"]=1; unset($_POST);
}


// Send feedback mail
if( $_POST["post_action"] == "MAILTOADMIN" ) {
	if($_POST["row"]) {
		$message = "<style>H1 {font-family: Arial; font-size: 12px; color: #444444;} </style><div style=\"padding: 10px; font-family: Arial; font-size: 12px; color: #444444;\"><h1>Feedback</h1>";
		foreach($_POST["row"] as $key => $val) {
			$message .= "<b>$key</b>: $val<br />";
		}
		$message .= "</div>";
	}
	$env["feedback_state"] = @send_mail($FEEDBACK_EMAIL, $_POST["mailfrom"], $_POST["mailsubject"], $message, $default_charset);
}

if( $env["argv_nav"][0]=="addentry" ) {
	$env["page"]["MASK"] = "#";
	$_GET["mode"]="edit";
}


// Send feedback mail

if( isset($_POST["mailmessage"]) AND isset($_POST["mailfrom"]) ) {
	if($_POST["mailto"]) $FEEDBACK_EMAIL = $_POST["mailto"];
	if(!$_POST["mailfrom"]) $_POST["mailfrom"] = $_POST["default_mailfrom"];
	$env["feedback_state"] = @mail($FEEDBACK_EMAIL, $_POST["mailsubject"], "User name: ".$_POST["mailname"]."\n\n User email: ".$_POST["mailfrom"]."\n\n User message: \n\n".$_POST["mailmessage"],  "From: ".$_POST["mailfrom"]."\n");

}

// Save page data
if (isset($_SESSION["user"]["LOGIN"]) and !$env["page"]["MASK"]){


	if ($env["page"]["pWrite"]) {
		if ($_POST["container"]["qc"] AND $env["argv_nav"][0]!="addentry" AND strpos($env["argv_nav"][0],'ic')===false) {
			$filename=$root_path . "usr/xml/content/" . $env["page"]["ID"] . ".xml";
			$db = new sapi_vdb($filename);
			$odata = $db->get_data($filename);
//			if($odata[1])
//			foreach ($odata[1] as $key=>$value) {
//				if($key!="IP" and $key!="DATE_CREATE" and $key!="ID") $data["row"][strtolower($key)]=$value;
//			}

			$data["row"]["IP"]=$_SERVER["REMOTE_ADDR"];
			$data["row"]["DATE_CREATE"]=date("Y-m-d H:i:s");

			foreach ($_POST["container"]["qc"] as $container) {
				if($_POST[$container] AND !preg_match("/^ic_/is", $env["argv_nav"][0]) AND !$env["page"]["MASK"]) {
					/*
					if($_FILES[$container]) {
						if(is_file($this->env["root_path"] . "usr/templates/" . $data["row"][$container])) @unlink($this->env["root_path"] . "usr/templates/" . $data["row"][$container]);
						if (strstr($_FILES[$container]["type"], "image")) $folder="images"; else $folder="files";
						$prefix=$env["page"]["ID"];
						if(@move_uploaded_file($_FILES[$container]["tmp_name"], $this->env["root_path"]."usr/templates/" . $folder . "/" . $prefix . "." . $_FILES[$container]["name"])){
							$data["row"][$container]=$folder . "/" . $prefix . "." . $_FILES[$container]["name"];
						}


					}else{
					*/	
						$_POST[$container]=str_replace("$", "&#36;", $_POST[$container]);
						$data["row"][$container]=preg_replace("/file:\/\/\/(.*)\/([a-zA-Z\d\._\-]+\.[jJgGpP][pPiInN][gGfF])/", $http_path . "usr/content/images/\\2", stripslashes($_POST[$container]));
						$data["row"][$container]=str_replace("�", "'", $data["row"][$container]);
						$data["row"][$container]=str_replace($http_path, "&http_path.value;", $data["row"][$container]);
					//}
					
					
				}
			}
			$db->save_objdata($data);
			$db->close();

		}
		if ($_POST["container"]["sdc"]) {
			foreach ($_POST["container"]["sdc"] as $container) {
				$_POST[$container]=str_replace("$", "&#36;", $_POST[$container]);
				$_POST[$container]=preg_replace("/file:\/\/\/(.*)\/([a-zA-Z\d\._\-]+\.[jJgGpP][pPiInN][gGfF])/", $http_path . "usr/content/images/\\2", stripslashes($_POST[$container]));
				$filename=$root_path . "usr/xml/sdc/" . $container . ".xml";
				$fp=@fopen($filename, "r+");
				if (!$fp) message_die("Couldn't open <b>" . $filename . "</b> for writing!");
				$size=filesize($filename);
				$data=fread($fp, $size);
				ftruncate($fp, 0);
				rewind($fp);
				$data=preg_replace("/<sapi:sdc(.*)>(.*)<\/sapi:sdc>/isU", "<sapi:sdc\\1>".$_POST[$container]."</sapi:sdc>", $data);
				fwrite($fp, $data);
				fclose($fp);
			}
		}
	}

}

// Save POST data
if($_POST["data_file"]) {
	$dbp = new sapi_vdb($root_path."usr/xml/vdb/".$_POST["data_file"]);
	$dbp->save_data_row();
	$dbp->close();
	unset($dbp);
}

// Add document comment
if($_POST["post_action"]=="ADDNEWCOMMENT") {
	$dbaddcom = new sapi_vdb($root_path."usr/xml/vdb/".$_POST["data_file"]);
	$data = array();
	$data["post_action"] = "ADDROW";
	//$id =  = $data["row"]["ID"] = time();
	$data["row"]["USER"] = $env["user.login"];
	$data["row"]["URI"] = (strpos($env["argv_nav"][0],'ic')===false)?$env["argv_string"]:$env['noslash_argv_string'];
	// Put indexes into VDB

	$dbaddcom->save_data_row(false, $data);
	$id = $dbaddcom->new_id;

	$channelpath = $root_path."usr/xml/vdb/allcomments_index";

	// Put data into certain file
	if( !is_dir($channelpath) ) {
		if(!mkdir($channelpath, 0777))
		message_die("Can not create the ".$channelpath);
	}
	if (!isset($dbp)) $dbp = new sapi_vdb($channelpath."/".($id).".xml");
	$data = array();
	$_POST["row"]["message"] = str_replace($http_path, "&http_path.value;", $_POST["row"]["message"]);
	$_POST["row"]["message"] = strip_tags($_POST["row"]["message"]);
	$_POST["row"]["message"] = preg_replace("/\n/", "<br />", $_POST["row"]["message"]);

	$data =  $_POST["row"];
	$data["ID"] = $id;
	$dbp->save_objdata(array($data));
	$dbp->close();
	unset($dbp);
	unset($dbaddcom);
}

// Delete entry
if($env["user.usergroup"]=="wheel" and $env["argv_nav"][0]=="deletecomment" and $env["argv_nav"][1]) {
	$dbaddcom = new sapi_vdb($root_path."usr/xml/vdb/allcomments_index");
	$channelpath = $root_path."usr/xml/vdb/allcomments_index";
	@unlink($channelpath."/".$env["argv_nav"][1].".xml");
	$dbaddcom->delete_data_row($env["argv_nav"][1], "ID");
	$dbaddcom->close();
	unset($dbaddcom);
}
?>